New audit-perms patch [ Re: Audit perms check on recv ]
Stephen Smalley
sds at epoch.ncsc.mil
Tue Dec 28 12:58:09 UTC 2004
On Mon, 2004-12-27 at 17:25, Serge E. Hallyn wrote:
> + security_compute_av(tsec->sid, tsec->sid, SECCLASS_CAPABILITY, ~0,
> + &avd);
> + cap_mask(NETLINK_CB(skb).eff_cap, avd.allowed);
Sorry, on second thought, we likely don't want the performance and
locking overhead of security_compute_av() imposed on all netlink sends,
so I'd suggest the diff below relative to your patch to switch back to
using avc_has_perm_noaudit(), but clearing avd.allowed first to ensure a
well-defined value even upon error return and casting to void to avoid a
warning about ignoring the return value.
--- linux-2.6/security/selinux/hooks.c.orig 2004-12-28 07:55:06.526688392 -0500
+++ linux-2.6/security/selinux/hooks.c 2004-12-28 07:56:09.234155408 -0500
@@ -3551,8 +3551,9 @@ static int selinux_netlink_send(struct s
tsec = current->security;
- security_compute_av(tsec->sid, tsec->sid, SECCLASS_CAPABILITY, ~0,
- &avd);
+ avd.allowed = 0;
+ (void)avc_has_perm_noaudit(tsec->sid, tsec->sid,
+ SECCLASS_CAPABILITY, ~0, &avd);
cap_mask(NETLINK_CB(skb).eff_cap, avd.allowed);
if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS)
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the Linux-audit
mailing list